From c6f4c5916ef467814d970c70627a82c1df4d2686 Mon Sep 17 00:00:00 2001 From: Jaime Iniesta Date: Fri, 9 Jul 2010 17:53:47 +0200 Subject: Minor typos: 'built-in' instead of 'built in', 'built into' instead of 'built in to' --- railties/guides/source/security.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/guides/source/security.textile') diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index b45514f66d..60108d5ab3 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -670,7 +670,7 @@ Also, the second query renames some columns with the AS statement so that the we h5(#sql-injection-countermeasures). Countermeasures -Ruby on Rails has a built in filter for special SQL characters, which will escape ' , " , NULL character and line breaks. Using +Model.find(id)+ or +Model.find_by_some thing(something)+ automatically applies this countermeasure. But in SQL fragments, especially in conditions fragments (+:conditions => "..."+), the +connection.execute()+ or +Model.find_by_sql()+ methods, it has to be applied manually. +Ruby on Rails has a built-in filter for special SQL characters, which will escape ' , " , NULL character and line breaks. Using +Model.find(id)+ or +Model.find_by_some thing(something)+ automatically applies this countermeasure. But in SQL fragments, especially in conditions fragments (+:conditions => "..."+), the +connection.execute()+ or +Model.find_by_sql()+ methods, it has to be applied manually. Instead of passing a string to the conditions option, you can pass an array to sanitize tainted strings like this: -- cgit v1.2.3
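Review bot: The same line still carries the typo `+Model.find_by_some thing(something)+` (stray space inside the method name) in both the `-` and `+` versions of the hunk; since this commit is explicitly a typo fix touching exactly this line, it should also close that space so the textile renders as a single code token, e.g. `+Model.find_by_something(something)+`. Separately, the subject line promises two fixes ('built-in' and 'built into'), but the diffstat shows 1 insertion(+), 1 deletion(-) and the hunk only contains the 'built-in' change, so either the 'built into' fix is missing from the diff or the subject should be narrowed to what the patch actually changes.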